Merge pull request #171 from JuanitoFatas/patch/whitelist-summary-and…

…-details-tags Whitelist summary and details element.
gjtorikian · Jan 21, 2015 · b57a88c · b57a88c
2 parents 45d6b4d + a83e505
commit b57a88c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/lib/html/pipeline/sanitization_filter.rb b/lib/html/pipeline/sanitization_filter.rb
@@ -45,7 +45,7 @@ class SanitizationFilter < Filter
         :elements => %w(
           h1 h2 h3 h4 h5 h6 h7 h8 br b i strong em a pre code img tt
           div ins del sup sub p ol ul table thead tbody tfoot blockquote
-          dl dt dd kbd q samp var hr ruby rt rp li tr td th s strike
+          dl dt dd kbd q samp var hr ruby rt rp li tr td th s strike summary details
         ),
         :remove_contents => ['script'],
         :attributes => {
@@ -57,13 +57,13 @@ class SanitizationFilter < Filter
                     'border', 'cellpadding', 'cellspacing', 'char',
                     'charoff', 'charset', 'checked', 'cite',
                     'clear', 'cols', 'colspan', 'color',
-                    'compact', 'coords', 'datetime', 'details', 'dir',
+                    'compact', 'coords', 'datetime', 'dir',
                     'disabled', 'enctype', 'for', 'frame',
                     'headers', 'height', 'hreflang',
                     'hspace', 'ismap', 'label', 'lang',
                     'longdesc', 'maxlength', 'media', 'method',
                     'multiple', 'name', 'nohref', 'noshade',
-                    'nowrap', 'prompt', 'readonly', 'rel', 'rev',
+                    'nowrap', 'open', 'prompt', 'readonly', 'rel', 'rev',
                     'rows', 'rowspan', 'rules', 'scope',
                     'selected', 'shape', 'size', 'span',
                     'start', 'summary', 'tabindex', 'target',

diff --git a/test/html/pipeline/sanitization_filter_test.rb b/test/html/pipeline/sanitization_filter_test.rb
@@ -127,4 +127,28 @@ def test_table_sections_are_not_removed
 </table>)
     assert_equal orig, SanitizationFilter.call(orig).to_s
   end
+
+  def test_summary_tag_are_not_removed
+    orig = %(<summary>Foo</summary>)
+    assert_equal orig, SanitizationFilter.call(orig).to_s
+  end
+
+  def test_details_tag_and_open_attribute_are_not_removed
+    orig = %(<details open>Foo</details>)
+    assert_equal orig, SanitizationFilter.call(orig).to_s
+  end
+
+  def test_nested_details_tag_are_not_removed
+    orig = <<-NESTED
+      <details>
+        <summary>Foo</summary>
+        <details>
+          Bar
+          <summary>Baz</summary>
+        </details>
+        Qux
+      </details>
+    NESTED
+    assert_equal orig, SanitizationFilter.call(orig).to_s
+  end
 end